Cybersecurity tops ECRI's list of Top 10 Health Technology Hazards
ECRI Institute has published its annual Top 10 Health Technology Hazards for 2019, and cybersecurity is atop the list as the biggest risk to patient safety.
Researchers at ECRI say they're concerned about software vulnerabilities that could allow hackers or cyber criminals to gain unauthorized remote access to hospitals' networked IT systems and devices, disrupting operations, hindering care delivery and putting safety at risk.
WHY IT MATTERS
Cyber attacks on healthcare have been steadily increasing, even as defenses have been stalling. ECRI noted that it has published 50 alerts and problem reports related to cybersecurity in just the past 18 months.
With so many hospitals running legacy software, networked with vulnerable medical devices, security is no longer just about costly fines for HIPAA noncompliance or the embarrassment of publicized data breaches – it's a critical patient safety issue.
ECRI's list is meant to help health system decision-makers plan and prioritize their efforts – including technology strategies and investments – to protect patient safety
WHAT IS THE TREND
The risks of hackers exploiting remote access to connected devices and systems "remain a significant threat to healthcare operations," according to ECRI.
"Attacks can render devices or systems inoperative, degrade their performance, or expose or compromise the data they hold, all of which can severely hinder the delivery of patient care and put patients at risk," researchers wrote. "Remote access systems are a common target because they are, by nature, publicly accessible."
It's little surprise to see it lead ECRI's list of Top 10 Health Technology Hazards for 2019:
1. Hackers Can Exploit Remote Access to Systems, Disrupting Healthcare Operations
2. "Clean" Mattresses Can Ooze Body Fluids onto Patients
3. Retained Sponges Persist as a Surgical Complication Despite Manual Counts
4. Improperly Set Ventilator Alarms Put Patients at Risk for Hypoxic Brain Injury or Death
5. Mishandling Flexible Endoscopes after Disinfection Can Lead to Patient Infections
6. Confusing Dose Rate with Flow Rate Can Lead to Infusion Pump Medication Errors
7. Improper Customization of Physiologic Monitor Alarm Settings May Result in Missed Alarms
8. Injury Risk from Overhead Patient Lift Systems
9. Cleaning Fluid Seeping into Electrical Components Can Lead to Equipment Damage and Fires
10. Flawed Battery Charging Systems and Practices Can Affect Device Operation
ON THE RECORD
"The consequences of an attack can be widespread and severe, making this a priority concern for all healthcare organizations," says David Jamison, executive director of ECRI's Health Devices program, speaking of the list's top cyber risk. "In critical situations, this could cause harm or death."
Focus on Cybersecurity
In October, we take a deep dive into security strategy and pressing threats.
Twitter: @MikeMiliardHITN
Email the writer: mike.miliard@himssmedia.com